There's a new Tor 0.2.4.17-rc to hopefully help mitigate some of the problems with the botnetissues Tor is experiencing. All packages, including the beta Tor Browser Bundles, have been updated. Relay operators are strongly encouraged to upgrade to the latest versions, since it mostly has server-side improvements in it, but users will hopefully benefit from upgrading too. Please try it out and let us know.

There's a new Tor 0.2.4.16-rc out and all packages, including the beta Tor Browser Bundles, have been updated. The stable Tor Browser Bundles have also been updated to fix a bug in the last release which prevented the language packs from working (which resulted in all of the bundles being in English!). We're very sorry about this.

In addition to providing important security updates to Firefox and Tor, these release binaries should now be exactly reproducible from the source code by anyone. They have been independently reproduced by at least 3 public builders using independent machines, and the Tor Package Archive contains all three builder's GPG signatures of the sha256sums.txt file in the package directory.

To build your own identical copies of these bundles from source code, check out the official repository and use git tag tbb-3.0alpha2-release (commit c0242c24bed086cc9c545c7bf2d699948792c1e3). These instructions should explain things from there. If you notice any differences from the official bundles, I would love to hear about it!

I will be writing a two part blog series explaining why this is important, and describing the technical details of how it was accomplished in the coming week or two. For now, a brief explanation can be found on the Liberation Technologies mailing list archive.

ChangeLog

All Platforms:

Update Firefox to 17.0.7esr

Update Tor to 0.2.4.14-alpha

Include Tor's GeoIP file

This should fix custom torrc issues with country-based node restrictions

Release Highlights

Here are the major highlights of the 3.0 series:

Usability, usability, usability!

We've attempted to solve several major usability issues in this series, including:

No more Vidalia

The Tor process management is handled by the new Tor Launcher Firefox extension. If you want the Vidalia map and other features, you can point an existing Vidalia binary at control port 9151 after Tor Browser has launched, and it should still work (and even allow you to reconfigure the TBB Tor as a bridge or a relay).

Local homepage with search box

The browser now uses a local about:tor homepage instead of https://check.torproject.org. A local verification against the Tor control port is still performed, to ensure Tor is working, and a link to https://check.torproject.org is provided from the about:tor homepage for manual verification as well.

Guided Extraction for Windows

For Windows users, an NSIS-based extractor now guides you through the TBB extraction and ensures the extracted bundle ends up on your Desktop, or in a known location chosen by you (but make sure you have permissions on that location). Hopefully this will mean no more losing track of the extracted bundle files!

Email-sized bundles

The bundles are all under the 25M gmail attachment size limit, so direct email and gettor attachments are once again possible.

Improved build security and integrity verification
We now use Gitian to build the bundles. The idea behind Gitian is to allow independent people to take our source code and produce exactly identical binaries on their own. We're not quite at the point where you always get a matching build, but the remaining differences are minor, and within a couple more releases we should have it fully reproducible. For now, we are posting all of the builds for comparison, and you can of course build and compare your own.

Known issues

Of course, being an alpha release (in fact, the first alpha release of this series), we expect these bundles to have some issues. Here's the major user-facing issues that we know about so far:

Crash Issue: Windows Permissions

On Windows, if you install the bundle to anywhere other than the Desktop, permissions issues can cause the bundles to crash at startup.

Crash Issue: Windows Software Conflict(s)

There appears to be an issue with direct2d rendering acceleration that affects some video cards, and has a crash report with a module d2d1.dll. The simplest workaround is to right click on 'Start Tor Browser' and select "Properties->Compatibility->Run in Windows XP Compatibility mode".

Extraction: Delete or rename your old TBB directory first!

These bundles are significantly different than the previous alphas or stable releases. You must not extract this bundle on top of a previous TBB directory, or multiple things will break. If you want to preserve your bookmarks and history, you can do so by copying only the places.sqlite file from your old bundle directory into the new one. The good news is that the elimination of Vidalia should make it much simpler for us to finally deploy an autoupdater, but please bear with us until we can finally complete that important usability work.

Misc: Missing Translations

Some of the translations strings for the Tor Launcher startup got munged by Transifex. In particular, the Farsi and the German builds both have missing button labels and strings.

If you experience any other issues, please let us know and/or file a bug!

There is a new Firefox 17.0.6esr out and all of the Tor Browser Bundles (stable and alpha branches) have been updated. The new stable TBBs have a lot of new and updated Firefox patches, so those of you who were experiencing crashes should no longer be seeing that behavior. Please let us know if you do by opening a ticket with details.